Customer call centers, or simply, “call centers,” are often the first point of contact for customers seeking direct assistance from manufacturers and service vendors. Call centers are reachable by telephone, including data network-based telephone services, such as Voice-Over-Internet (VoIP), and provide customer support and problem resolution. Although World Wide Web- and email-based customer support are becoming increasingly available, call centers still offer a convenient and universally-accessible forum for remote customer assistance.
Call centers generally provide customer assistance through incoming and outgoing calls. During a call, an agent may obtain personally identifiable information from callers to identify that caller or open an account for the caller. Due to the sensitive nature of the information, the call center may be required to comply with guidelines for managing and storing the information. For example, call centers that process credit card information must comply with the Payment Card Industry (PCI) data security standards to prevent credit card fraud by increasing security and minimizing compromise of credit card related data. As well, medical call centers that deal with information regarding patients' health conditions, care, and payment for provision of the health care, must comply with the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy and security of the health information.
In conventional call centers, a caller directly provides their sensitive data to an agent, which is then processed. For instance, a caller calls into the call center for assistance with one or more matters. The call can be transferred to an agent who may first verify an identity of the caller by asking personal questions and then assist the caller upon verification. During the call, the agent may request the caller to verbally provide personally identifiable information, such as social security number, credit card information, or health status. The sensitive information can then be entered into a database by the agent or can be recorded during the call for later use. After the call, the sensitive information can be masked or obfuscated within the database or recording to prevent unauthorized access to the information. However, the sensitive information can be accessed by an unauthorized individual, such as an agent, prior to masking. Therefore, the conventional method for obtaining information from a caller leaves the information open to breach by allowing an agent or other individual of the call center to obtain the information.
Accordingly, a system and method to securely identify, receive, and protect sensitive information, such as personally identifiable information, is needed. Preferably, the system and method will use an automated voice response system to accept, manage, and mask the sensitive information in real time.